summaryrefslogtreecommitdiffstats
path: root/fs/cifs/smb2transport.c
diff options
context:
space:
mode:
authorSteve French <stfrench@microsoft.com>2019-06-07 22:16:10 +0200
committerSteve French <stfrench@microsoft.com>2019-07-08 05:37:42 +0200
commit2b2f7548076200b69ee377b4bb4f426696502b04 (patch)
tree159754d3f327afeacbf9c27f2229aed2c5515b5f /fs/cifs/smb2transport.c
parentSMB3: Add SMB3.1.1 GCM to negotiated crypto algorigthms (diff)
downloadlinux-2b2f7548076200b69ee377b4bb4f426696502b04.tar.xz
linux-2b2f7548076200b69ee377b4bb4f426696502b04.zip
SMB3.1.1: Add GCM crypto to the encrypt and decrypt functions
SMB3.1.1 GCM performs much better than the older CCM default: more than twice as fast in the write patch (copy to the Samba server on localhost for example) and 80% faster on the read patch (copy from the server). Signed-off-by: Steve French <stfrench@microsoft.com> Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com> Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com>
Diffstat (limited to 'fs/cifs/smb2transport.c')
-rw-r--r--fs/cifs/smb2transport.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/fs/cifs/smb2transport.c b/fs/cifs/smb2transport.c
index d1181572758b..1ccbcf9c2c3b 100644
--- a/fs/cifs/smb2transport.c
+++ b/fs/cifs/smb2transport.c
@@ -734,7 +734,10 @@ smb3_crypto_aead_allocate(struct TCP_Server_Info *server)
struct crypto_aead *tfm;
if (!server->secmech.ccmaesencrypt) {
- tfm = crypto_alloc_aead("ccm(aes)", 0, 0);
+ if (server->cipher_type == SMB2_ENCRYPTION_AES128_GCM)
+ tfm = crypto_alloc_aead("gcm(aes)", 0, 0);
+ else
+ tfm = crypto_alloc_aead("ccm(aes)", 0, 0);
if (IS_ERR(tfm)) {
cifs_dbg(VFS, "%s: Failed to alloc encrypt aead\n",
__func__);
@@ -744,7 +747,10 @@ smb3_crypto_aead_allocate(struct TCP_Server_Info *server)
}
if (!server->secmech.ccmaesdecrypt) {
- tfm = crypto_alloc_aead("ccm(aes)", 0, 0);
+ if (server->cipher_type == SMB2_ENCRYPTION_AES128_GCM)
+ tfm = crypto_alloc_aead("gcm(aes)", 0, 0);
+ else
+ tfm = crypto_alloc_aead("ccm(aes)", 0, 0);
if (IS_ERR(tfm)) {
crypto_free_aead(server->secmech.ccmaesencrypt);
server->secmech.ccmaesencrypt = NULL;